Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Trailrunner7 writes "In the wake of high-profile compromises of companies such as Facebook, the New York Times, Apple and others, officials at Zendesk, an online customer support provider, said that the company also had been compromised and the attackers had made off with the email addresses of customers of Twitter, Tumblr and Pinterest, all of which use Zendesk's services. All three companies sent out emails to affected customers, notifying them of the incident and warning that their email addresses may have been compromised. In what has become an almost daily occurrence now, Zendesk officials posted a notice on the company's blog with the heading "We've been hacked". The Zendesk hack notice says that the company became aware of the attack on its network sometime this week and that the company then identified and patched the vulnerability the attackers had used."

I think it's mostly phishing attacks. It's really unbelievable the number of people who fall for that shit.

Our organization has about 3,500 email users and every once in awhile a phish campaign will make it through our filters to a large portion of the user base. Without fail, a dozen or more users will fall for it and have their accounts used to pump out spam. What's maddening is that the same individuals continue to get phished over and over, even after repeatedly being educated not to ever give out their passwords. They see some tech-jargon looking email and their brain just shuts down. I'm at an enterprise full of generally intelligent folks - I can only imagine what's going on in the brain of your average Yahoo user.

One of the funnier and somewhat more subtle compromises we experienced was a spammer who targeted our corporate webmail interface. He phished several accounts but didn't directly send spam like most of them do. Instead, he logged in via webmail and placed various porn and boner-pill advertisements in those accounts' signatures. As a result, some of our employees were unwittingly sending out porn ads appended to their legitimate business emails for awhile...